This all doesn't help, I only get a 500 server error page and the apache log, which isn't useful.

Do you have any suggestions or idea's on what to do to get the needed log information which can tell me why there are problems?

I'm able to reproduce the error in Joomla when visiting the check extensions or check Joomla version pages. It's most likely related to a server side setting (in PHP) being wrong. I've already checked that curl and allow_url_fopen are turned on.

On some other pages the error appears every now and then, reloading the page a few times usually resolves it and on some pages it never even happens afaik.

So we can use mod_fcgid with PHP-FPM? I'm really confused because a lot of sources say it can't.

Nope, you can't. I said mod_proxy_fcgi.

gijs wrote:

I'm trying the proxy approach but I've heard it's less secure and it has some issues for me, which I assume can be resolved with configuration options.

Issues? What kind of issues?

You mean this?

Quote:

Unlike mod_fcgid and mod_fastcgi, mod_proxy_fcgi has no provision for starting the application process; fcgistarter is provided (on some platforms) for that purpose. Alternatively, external launching or process management may be available in the FastCGI application framework in use.

The thing I like most about that module is that you can run several instances aka clustering and load balancing.

Thank you for the fast reply James
My goal is to have the best performance, which requires UNIX sockets and PHP-FPM if I understood correctly. But security is a top priority together with stability and then comes performance/efficiency and maintainability.

I'll explain the issues/concerns I have right now.
I couldn't get UNIX sockets to work with php files from subdirectories. (seems like the $1 part is ignored with sockets?) As explained here: https://wiki.apache.org/httpd/PHP-FPM

So I had to resort to using TCP. After some reading I found that it's unsafe to use the fcgi proxy approach. Because the proxy is publicly accessible.
I edited my configuration to:

Which I believe is safe. (PHP-FPM is only bound to 127.0.0.1 as well, so it's no longer publicly accessible?)

The major issue I still have is that SEF URL's don't load. For example my Joomla front end and admin page load fine. But other URL's don't.
Because they don't have the index.php included in the URL I think. But obviously I don't want the index.php in a Search Engine Friendly URL.

I also know very little about the configuration of this proxy approach at the moment.
So far it seems that I need to add the above code for each virtual host, but I don't know how to override the PHP version in a .htaccess file for one application (which runs inside a folder of my virtualhost).

I'm also concerned/worried about the footnote on: https://wiki.apache.org/httpd/PHP-FPM
It states security risks (and performance issues). And by the looks of it the default settings are not secure and to resolve that it requires a complex configuration with rewrites?

Ubuntu starts it automatically for me, but in the /etc/php/7.0/fpm/pool.d/www.conf file I've set:
listen = 127.0.0.1:9000

Which should do the same and thus is just as safe, I assume.

I still have the following questions/issues:
1. The major issue I still have is that SEF URL's don't load. For example my Joomla front end and admin page load fine. But other URL's don't.
Because they don't have the index.php included in the URL I think. But obviously I don't want the index.php in a Search Engine Friendly URL.